Commit - pagure - 9e1a5c49cfbc730fd361d87eeb6be74fca6cf6a7

pagure

`9e1a5c4` fix: Path traversal in view_issue_raw_file()

1 file Authored by wombelix 23 days ago, Committed by wombelix 23 days ago,

raw patch tree parent

1 file changed. 5 lines added. 1 lines removed.

    fix: Path traversal in view_issue_raw_file()
    
    Use 'werkzeug.security.safe_join()' instead of plain 'os.path.join()'
    to sanitize user-provided filename variable and avoid escaping the base directory.
    
    Vulnerability discovered by Thomas Chauchefoin <thomas@chauchefoin.fr>
    
    Fixes: rhbz#2279411, rhbz#2280728, rhbz#2280726, CVE-2024-4982
    
    Signed-off-by: Dominik Wombacher <dominik@wombacher.cc>

pagure/ui/issues.py

file modified

+5 -1

pagure

Source Code

Documentation

9e1a5c4 fix: Path traversal in view_issue_raw_file()

1 file Authored by wombelix 23 days ago, Committed by wombelix 23 days ago,

`9e1a5c4` fix: Path traversal in view_issue_raw_file()